Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2016-3992

HistoryJul 26, 2016 - 5:59 p.m.

CVE-2016-3992

2016-07-2617:59:01

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

27.1%

JSON

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

OSVersionArchitecturePackageVersionFilename
Debian12allcronic< 3-1cronic_3-1_all.deb
Debian11allcronic< 3-1cronic_3-1_all.deb
Debian999allcronic< 3-1cronic_3-1_all.deb
Debian13allcronic< 3-1cronic_3-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cronic	< 3-1	cronic_3-1_all.deb
Debian	11	all	cronic	< 3-1	cronic_3-1_all.deb
Debian	999	all	cronic	< 3-1	cronic_3-1_all.deb
Debian	13	all	cronic	< 3-1	cronic_3-1_all.deb

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

27.1%

JSON

Related for DEBIANCVE:CVE-2016-3992